Tag Archives: passwords

WordPress Database Brute Force and Backdoors

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers […]

3-D Secure SMS-OTP Phishing

One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout: What’s interesting about this phishing page is that it selectively targets victims within […]

Creative Phishing for Digital Gold on RuneScape

RuneScape is an extremely popular massive multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPG’s ever created. At the current time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can […]

Password Attacks 101

One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords. Let’s take a look at three kinds of password attacks. Brute Force Attacks Brute forcing in its essence is trying many passwords to […]

Personal Online Security – Account Management

Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic. The first posts […]

How Passwords Get Hacked

How many passwords do you use in a given day? Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire. The disdain for […]

Why Reinfections Happen with a WAF

A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside. Cross-site Contamination One common way that websites get reinfected is through cross-site […]

FTP Logs Used to Determine Attack Vector

Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any access to logs, or what we can […]